CERT home
vulnerabilities & fixesevaluations & practicesresearch & analysistraining & education
homesearchFAQsite indexcontact
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

Vulnerability Note VU#17566

sysback makes call to hostname without a fully qualified path specification

Overview

sysback, shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname.

I. Description

sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders can put a malicious hostname in the path before the "real" hostname, and thereby execute any commands with root privileges.

II. Impact

Local users can execute arbitrary commands and programs with root privileges.

III. Solution

Update to sysback.rte 4.2.1.13 as described in the IBM vendor statement.

Remove setuid root from sysback in environments that permit it (where such a change would not be detrimental to operations).

Systems Affected

VendorStatusDate Updated
IBMVulnerable10-Dec-2000

References


Credit

Our thanks to Kiki Lee for reporting this vulnerability.

This document was written by Shawn V Hernan.

Other Information

Date Public12/10/2000
Date First Published12/12/2000 06:03:56 PM
Date Last Updated12/12/2000
CERT Advisory 
CVE Name 
Metric1.35
Document Revision6

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Copyright 2000 Carnegie Mellon University